QUESTION 33
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Your network contains an Active Directory domain named contoso.com. The functional level of the domain is Windows Server 2012. The network uses an address space of 192.168.0.0/16 and contains multiple subnets. The network is not connected to the Internet. The domain contains three servers configured as shown in the following table.
Client computers obtain TCP/IP settings from Server3. You add a second network adapter to Server2. You connect the new network adapter to the Internet. You install the Routing role service on Server2. Server1 has four DNS zones configured as shown in the following table.
You need to ensure that when a record is added dynamically to fabrikam.com, only the computer that created the record can modify the record. The solution must allow administrators to modify all of the records in fabrikam.com. What should you do?

A. Change fabrikam.com to an Active Directory-integrated zone
B. Raise the functional level of the domain
C. Modify the security settings of the Fabrikam.com.dns file
D. Modify the Start of Authority (SOA) settings of fabrikam.com

QUESTION 34
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10. On Server1, you have the following zone configuration.
You have the following subnets defined on Server1.
You need to prevent Server1 from resolving queries from DNS clients located on Subnet4. Server1 must resolve queries from all other DNS clients.
Solution: From Windows PowerShell on Server1, you run the Add-DnsServerQueryResolutionPolicy cmdlet.
Does this meet the goal?

QUESTION 35
Your company has 5,000 users who work remotely. You have 40 VPN servers that host the remote connections for the users. You plan to deploy a RADIUS solution that contains five RADIUS servers. You need to ensure that client authentication requests are distributed evenly between the five RADIUS servers. What should you do?

A. Install the Network Load Balancing role service on all of the RADIUS server.
Configure all of the RADIUS clients to connect to a virtual IP address.
B. Deploy RAS Gateway to a new server.
Configure all of the RADIUS clients to connect to RAS Gateway.
C. Install the Failover Clustering role service on all of the RADIUS servers.
Configure all of the RADIUS clients to connect to the IP address of the cluster.
D. Deploy a RADIUS proxy to a new server. Configure all of the RADIUS clients to connect to the RADIUS proxy.

QUESTION 36
You have a server named Server1 that runs Windows Server 2016 and is configured as a domain controller. You install the DNS Server server role on Server1. You plan to store a DNS zone in a custom Active Directory partition. You need to create a new Active Directory partition for the zone. What should you use?